[Encore] MOOtcan URLs

Daniel Jung jung at uib.no
Thu May 24 14:08:30 MDT 2007 

Jean-Marc Giffin wrote:

> Does anyone know what interprets the URLS inputted into MOOtcan? 
> Is it MOOtcan itself, or something on the server, or an enCore object? 
> Where specifically is the process located, if at all accessible?


Three questions. three answers:

i. Of course someone knows... :)

ii. An object produces the string, the server sends it to the client, 
the client handles it.

iii. In $string_utils:mootcan_url(), but please let me explain the 
background first. I hope this will be clear--if not, please do NOT 
hesitate to ask again.

There are two applets available: (1) MOOtcan and (2) the v5 HTML Chat 
applet. MOOtcan comes in different releases, while there is only one v5 
applet. enCore v5 is designed in a way that it needs the v5 applet. This 
applet is more flexible, more secure and more slim. It doesn't display 
text at all, all it does is handle the update of the different frames, 
one of which is the Chat frame. The applet is designed in a way that it 
doesnæt work with anything other than v5 instructions.

Traditionally (enCore versions 1-3), the MOOtcan applet accepted strings 
like

<http://something.tld>.

and displayed it automatically in the web frame. The Java applet had 
this information hardcoded: Whenever a string like that arrives, put the 
  link location in the web frame.

Now, this was not satisfactory, and Jan Rune altered MOOtcan to accept 
two targets: (1) web frame, (2) _blank, in order to show URLs (for 
example from the @URL command) in a blank window of its own. Still, this 
was hardcoded in the applet.

With the new frames in v5, we needed another solution. More frames 
needed to be addressed: web frame, player frame, chat frame, even the 
menu frame. Plus, it would be nice to have arbitrary frames (like 
moo_document or whatever) reused. So we changed it to not be hardcoded 
in the applet, but receive an instruction from the moo as to where to 
put the link location.

So now the moo->client URL command string goes like this

<http://something.tld web_frame 34652536782>.

where there are three parts: the LINK, the TARGET frame and a CONTROL 
code. This control code prevents malicious use of the Java 
showDocument() method. Only the moo and the client applet know the code, 
  i.e., only moo-written (wizardly) moo->client URL command strings will 
be accepted.

In other words, you aren't able to produce those strings on your own any 
more, but you rely on calling a wizard verb that does it for you 
hiddenly; this verb has some security measures to prevent missuse.

Note too that this this only works for one user at a time. If you want 
to display something to a number of people, you must produce a new 
string for each of them, as all of them would have different control codes.

The verb is $encore_web_utils:mootcan_url(user, url, target) which in 
turn calls $string_utils:mootcan_url(user, url, target). They must be 
called with wiz perms. It produces a personalized string for exactly 
that user that is the first argument.

When printed to this user, the user's client (v5 applet) catches the 
string, validates the control code and if correct, calls the internal 
Java showDoc() method with two arguments: LINK and TARGET frame.

So when the new database (v5 based) sends a string like

<http://moo.tld:7000/player_frame647382 PLAYER_FRAME 463728>.

(which is supposed to update the player frame and nothing else) to an 
old applet (ALL MOOtcan versions are old in this regard!) the TARGET 
information is swallowed, and the link is put into what is hardcoded as 
default, i.e., ... right: web_frame.


Hope that helped.
Good luck
- Daniel

More information about the Encore mailing list